Healthcare Cyber Security Breaches in the News

Those parts of the [compromised] network contained names, dates of birth, Social Security numbers, Medicare and health plan identification numbers as well as some medical information such as patient diagnoses and procedures.

The facility was without access to email, digital patient records and some internet-connected medical devices following a cyber attack that saw hackers take its computer networks clear offline before demanding more than $5 million US in ransom.

In-House Data Breaches

Interestingly, breaches also often occur within healthcare organizations by staff members rather than third party hackers.

Last month, Trillium Health in Toronto faced a claim seeking $2 million in damages after Lisa Lyons, an Ophthalmologist’s assistant, accessed private patient information without consent or authority.

Lyons used her access to Trillium’s entire database to secretly review the confidential medical records of Trillium patients for many years and hundreds of times [...] Such records contain highly sensitive and private information about patients’ medical histories, including medications, treatments, operations, the diseases and disorders they may suffer from, and family circumstances, among others.

Island Health’s investigation confirmed the employees used their access privileges to view the records of patients with whom they had no care or service relationship.

This is the second data breach occurrence in a little over a year, as an Island Health employee was dismissed in April of 2015 after looking into 39 patient records.

This goes to show that the importance of safeguarding private patient information goes beyond protecting data from outsiders, but also requires instilling safety measures within healthcare organizations.

Protecting data such as patient files during transfers or consultations all require a secure network for physicians and other healthcare professionals to exchange private information. Hospitals should implement secure messaging platforms to provide their staff with a means to share essential information quickly and privately. The encrypted messages also make it virtually impossible for third party hackers to obtain their content.